• Prepare a router for access with Cisco Security Device Manager
• Install SDM onto a PC
• Install SDM onto a router through a Windows host
In this lab, you will prepare a router for access via the Cisco Security Device Manager (SDM), using some basic commands, to allow connectivity from the SDM to the router. You will then install the SDM application locally on a host computer. Finally, you will install SDM onto the flash memory of a router.
Start this lab by erasing any previous configurations and reloading your
devices. Once your devices are reloaded, set the appropriate hostnames.
Ensure that the switch is set up so that both the router and host are in the same
VLAN. By default, all ports on the switch are assigned to VLAN 1.
• Microsoft Windows ME
• Microsoft Windows NT 4.0 Workstation with Service Pack 4
• Microsoft Windows XP Professional
• Microsoft Windows 2003 Server (Standard Edition)
• Microsoft Windows 2000 Professional with Service Pack 4
The Cisco SDM application uses the virtual terminal lines and HTTP server to manipulate the configuration of the device. Since a user must log in to access or change the configuration, some basic commands must be issued to allow remote access.
These are basic IOS commands and are not SDM-specific. However, without these commands, SDM will not be able to access the router, and will not work properly.
First, create a username and password on the router for SDM to use. This login
will need to have a privilege level of 15 so that SDM can change configuration
settings on the router. Make the password argument of this command the last
argument on the line, since everything after the password argument will
become part of the password. The username and password combination will be
used later when accessing the router.
HTTP access to the router must be configured for SDM to work. If your image
supports it (you will need to have an IOS image that supports crypto
functionality), you should also enable secure HTTPS access using the ip http
R1(config)# ip http server
R1(config)# ip http secure-server
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
*Jan 14 20:19:45.310: %SSH-5-ENABLED: SSH 1.99 has been enabled
*Jan 14 20:19:46.406: %PKI-4-NOAUTOSAVE: Configuration was modified. Issue
"write memory" to save new certificate
R1(config)# ip http authentication local
Finally, configure the virtual terminal lines of the router to authenticate using the
local authentication database. Allow virtual terminal input through both telnet
R1(config)# line vty 0 4
R1(config-line)# login local
R1(config-line)# transport input telnet ssh
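The following Python sketch is an added example, not part of the original lab. It checks a saved running-config for the access prerequisites configured above and reports which of them expose the privilege level 15 login over an unencrypted protocol. The sample configuration, the username labadmin and its password are constructed placeholders, and treating HTTPS alone as sufficient for SDM is an assumption of the example.

```python
import re

# Constructed sample running-config; username and password are placeholders.
SAMPLE_CONFIG = """\
hostname R1
username labadmin privilege 15 password 0 ExamplePass
ip http server
ip http secure-server
ip http authentication local
line vty 0 4
 login local
 transport input telnet ssh
"""

def vty_settings(config):
    """Return the sub-commands found under every 'line vty' block."""
    settings, in_vty = [], False
    for line in config.splitlines():
        if not line.startswith(" "):      # any top-level command ends the block
            in_vty = line.startswith("line vty")
        elif in_vty:
            settings.append(line.strip())
    return settings

def audit(config):
    """Check the lab's prerequisites; return (missing, cleartext_warnings)."""
    lines = [l.strip() for l in config.splitlines()]
    vty = vty_settings(config)
    transports = set()
    for s in vty:
        if s.startswith("transport input"):
            transports.update(s.split()[2:])
    checks = {
        "privilege 15 user": any(re.match(r"username \S+ privilege 15 ", l) for l in lines),
        # Assumption: either the HTTP or the HTTPS server satisfies SDM.
        "http or https server": "ip http server" in lines or "ip http secure-server" in lines,
        "ip http authentication local": "ip http authentication local" in lines,
        "vty login local": "login local" in vty,
    }
    missing = [name for name, ok in checks.items() if not ok]
    warnings = []
    if "ip http server" in lines:
        warnings.append("HTTP server enabled: SDM login crosses the network unencrypted")
    if transports & {"telnet", "all"}:
        warnings.append("telnet allowed on vty: logins cross the network unencrypted")
    return missing, warnings
```

Run against the configuration built in this lab, audit() returns no missing prerequisites and two warnings, one for the plain HTTP server and one for telnet on the vty lines.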
SDM accesses the router using a username and password specified in the
program. Since SDM can potentially change router settings, it needs privileged
access to the router. You enable HTTP so that the router can act as an HTTP